Re: Bug#540215: Introduce dh_checksums
On Thu, 15 Apr 2010, Stefano Zacchiroli wrote:
> On Thu, Apr 15, 2010 at 02:44:07PM +0200, Raphael Hertzog wrote:
> > On Tue, 23 Mar 2010, Wouter Verhelst wrote:
> > > The idea would be to provide a path from a binary on disk to a GPG
> > > signature for installed packages of which the user no longer has the
> > > .deb file from which it was originally installed, nor the Packages
> > > and/or Release.gpg file that was used to download it.
> >
> > Ok, it looks like a good goal.
>
> Now that snapshot.debian.org is officially deployed (and I can't stop
> thanking DSA and the other involved parties for that), let me highlight
> another potential advantage of reaching this goal.
>
> snapshot.d.o now has a really nice lookup interface from (SHA1) checksum
> to the actual file [1]. So having an easy tool to retrieve the (SHA1)
> checksum of a given file installed on disk would make trivial
> re-downloading the corresponding .deb even years later (which would be
> *awesome*).
Hu?! Retrieving the SHA1 checksum is done by running "sha1sum
/the/file"... I don't see what dpkg would bring here. Furthermore,
the content of a file might not change at each release which means it's
not a one-to-one mapping but a one-to-many mapping.
And snapshot stores the SHA1 of .deb, .dsc and related files but not the
content of the .deb.
I'm really confused at what you were trying to suggest.
Cheers,
--
Raphaël Hertzog
Like what I do? Sponsor me: http://ouaza.com/wp/2010/01/05/5-years-of-freexian/
My Debian goals: http://ouaza.com/wp/2010/01/09/debian-related-goals-for-2010/
Reply to: